[newbie] Encryption using OpenSSL

Discussion in 'Ruby' started by Robert, Oct 4, 2005.

  1. Robert

    Robert Guest

    Hello!

    I'm writing a website with Rails and I want to encrypt the passwords
    that go into the database. However, I don't want to use hashes (e.g.
    SHA1). Instead, I want to be able to decrypt to passwords again.

    I searched Google and found this:

    require 'openssl'
    require 'digest/sha1'
    c = OpenSSL::Cipher.new("aes-256-cbc")
    c.encrypt
    # your pass is what is used to encrypt/decrypt
    # (AES-256 takes a 32-byte key, so only the first 32 of the 40 hex characters are used)
    c.key = key = Digest::SHA1.hexdigest("yourpass")[0, 32]
    c.iv = iv = c.random_iv # <-------------------------- What's IV??
    e = c.update("crypt this")
    e << c.final
    puts "encrypted: #{e}\n"
    c = OpenSSL::Cipher.new("aes-256-cbc")
    c.decrypt
    c.key = key
    c.iv = iv
    d = c.update(e)
    d << c.final
    puts "decrypted: #{d}\n"

    That works. However, what's IV? I queried Google and found that it
    stands for "initialization vector". Can anyone quickly explain to me
    what that is, and most importantly: do I have to use that? Or can I
    just leave it out? I'd prefer to just use a key to encrypt the
    passwords, instead of "two keys"..


    I'm grateful for any help,

    thanks,
    Rob
     
    Robert, Oct 4, 2005
    #1

  2. Robert

    Dirk Meijer Guest

    i'm sorry, not really an answer to your question here, a question of my own
    actually..
    i created an encrypting program (http://rubyforge.org/projects/rubycipher)
    and i was wondering if technically, it could be used for the same purpose,
    encrypting passwords in rails..
    greetings, Dirk.


    2005/10/5, Robert <>:
    >
    > Hello!
    >
    > I'm writing a website with Rails and I want to encrypt the passwords
    > that go into the database. However, I don't want to use hashes (e.g.
    > SHA1). Instead, I want to be able to decrypt to passwords again.
    >
    > I searched Google and found this:
    >
    > require 'openssl'
    > require 'digest/sha1'
    > c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
    > c.encrypt
    > # your pass is what is used to encrypt/decrypt
    > c.key = key = Digest::SHA1.hexdigest("yourpass")
    > c.iv = iv = c.random_iv <-------------------------- What's IV??
    > e = c.update("crypt this")
    > e << c.final
    > puts "encrypted: #{e}\n"
    > c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
    > c.decrypt
    > c.key = key
    > c.iv = iv
    > d = c.update(e)
    > d << c.final
    > puts "decrypted: #{d}\n"
    >
    > That works. However, what's IV? I queried Google and found that it
    > stands for "initialization vector". Can anyone quickly explain to me
    > what that is, and most importantly: do I have to use that? Or can I
    > just leave it out? I'd prefer to just use a key to encrypt the
    > passwords, instead of "two keys"..
    >
    >
    > I'm grateful for any help,
    >
    > thanks,
    > Rob
    >
    >


     
    Dirk Meijer, Oct 5, 2005
    #2

  3. Hi,

    ...
    > # your pass is what is used to encrypt/decrypt
    > c.key = key = Digest::SHA1.hexdigest("yourpass")
    > c.iv = iv = c.random_iv <-------------------------- What's IV??
    > e = c.update("crypt this")

    ...

    look at http://www.cacr.math.uwaterloo.ca/hac/.

    Chapter 7 gives a good explanation about block ciphers like AES and the use
    of IVs.

    In short: block ciphers like AES or DES encrypt/decrypt data in blocks
    (i.e. 16 bytes each block). The processing of each block depends on the
    result of the block processed before. So for the first data block there is
    no predecessor, instead an IV with the same block size is used to initialize
    the algorithm. To initialize the algorithm for decryption/encryption you need
    the same IV as for encryption/decryption.

    Regards,

    Roland
     
    Roland Schmitt, Oct 5, 2005
    #3
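
The IV handling discussed in this thread, as an added example that is not part of any of the original posts: with AES-256-CBC the IV is not a second key but a non-secret random value drawn per message and stored in front of the ciphertext, so only the key has to be kept. The helper names `encrypt_with_iv` and `decrypt_with_iv`, the `KEY` constant and the all-zero fixed IV are assumptions made for the illustration.

```ruby
require 'openssl'

BLOCK = 16 # AES block size in bytes, which is also the CBC IV size

# Encrypt with AES-256-CBC. A fresh random IV is drawn per message unless one
# is passed in (done below only to show what IV reuse leaks).
# Returns IV + ciphertext: the IV is not secret and travels with the data.
def encrypt_with_iv(key, plaintext, iv = nil)
  c = OpenSSL::Cipher.new('aes-256-cbc')
  c.encrypt
  c.key = key
  iv ||= c.random_iv
  c.iv = iv
  iv + c.update(plaintext) + c.final
end

# Split the stored blob back into IV and ciphertext, then decrypt.
def decrypt_with_iv(key, blob)
  raise ArgumentError, 'blob shorter than IV plus one block' if blob.bytesize < 2 * BLOCK
  c = OpenSSL::Cipher.new('aes-256-cbc')
  c.decrypt
  c.key = key
  c.iv = blob.byteslice(0, BLOCK)
  c.update(blob.byteslice(BLOCK, blob.bytesize - BLOCK)) + c.final
end

# Constructed sample key: 32 random bytes stand in for the application's one secret.
KEY = OpenSSL::Random.random_bytes(32)

def demo
  a = encrypt_with_iv(KEY, 'crypt this')
  b = encrypt_with_iv(KEY, 'crypt this')
  fixed = "\0" * BLOCK # constant IV, shown only as the failure case
  x = encrypt_with_iv(KEY, 'crypt this', fixed)
  y = encrypt_with_iv(KEY, 'crypt this', fixed)
  {
    roundtrip: decrypt_with_iv(KEY, a),
    random_iv_differs: a != b, # same input, unrelated ciphertexts
    fixed_iv_repeats: x == y   # same input, identical ciphertexts: equal values become visible
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

CBC on its own gives no integrity protection, so a stored blob that has been modified is not reliably detected by `decrypt_with_iv`.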
